
chore: pos workspace setup #2218

Open

marcello33 wants to merge 1 commit into develop from marcello33/POS-3559-adopt-team-standards


Conversation

@marcello33 (Collaborator)

Description

Init pos workspace setup.

Copilot AI review requested due to automatic review settings May 11, 2026 12:44

@claude claude Bot left a comment


Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@sonarqubecloud

Copilot AI (Contributor) left a comment


Pull request overview

This PR sets up PoS workspace conventions by moving AI-agent guidance into a new AGENTS.md, simplifying the PR template, and updating Claude settings, alongside a small Go dependency bump for cmd/keeper.

Changes:

  • Bump golang.org/x/sys (indirect) for cmd/keeper.
  • Replace the root CLAUDE.md content with a pointer to the new AGENTS.md and add Claude web-fetch permissions.
  • Rewrite the GitHub PR template to a shorter “Summary / Executed tests / Rollout notes” format.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.

Summary per file:

  • cmd/keeper/go.mod: Bumps golang.org/x/sys indirect dependency.
  • cmd/keeper/go.sum: Updates sums to match the x/sys bump.
  • CLAUDE.md: Replaces the prior guide with an @AGENTS.md pointer.
  • AGENTS.md: Adds the full AI-agent development guide + team standards fetch instructions.
  • .github/pull_request_template.md: Simplifies PR template sections and placeholders.
  • .claude/settings.json: Adds Claude Code settings permitting WebFetch to gist.githubusercontent.com.


@claude

claude Bot commented May 11, 2026

Code Review

1 issue found. Checked for bugs and CLAUDE.md compliance.

Supply-chain prompt injection risk

File: AGENTS.md lines 3-11 + .claude/settings.json

This block instructs AI agents to fetch and unconditionally apply rules from an external GitHub Gist at the start of every session. Combined with the .claude/settings.json that auto-allows WebFetch(domain:gist.githubusercontent.com), this creates a supply-chain attack surface:

  1. Unpinned URL — The /raw/ URL always resolves to the latest Gist revision. The content can change at any time without a PR, code review, or git history in this repo.
  2. Single-user control — The Gist is owned by an individual GitHub account, not governed by the repo's branch protection, CODEOWNERS, or required reviews.
  3. No human gate — The settings.json permission means Claude Code fetches automatically without prompting the operator.
  4. Maximum scope — The instruction says these rules apply to every change in this repo, giving the fetched content authority over all AI-assisted code changes.

If the Gist owner's account is compromised (or even intentionally edited), arbitrary instructions can be injected into every AI agent session on this repo — a blockchain execution client managing real user funds — without any code review. Per the project's own security-common.md, external inputs must be validated and bounded, and externally-triggerable issues should be severity-escalated.

Suggested fix: Vendor the team standards file into the repo (e.g., as .claude/rules/team-standards.md) so it goes through normal PR review. If a remote source is desired, pin to a specific Gist revision SHA in the URL rather than using /raw/.
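
As an added illustration of the finding above (example code, not part of this PR or the project's own tooling): a pre-merge lint that flags agent-instruction files pointing at unpinned Gist raw URLs and, alongside them, a Claude Code settings file that pre-approves WebFetch to that host. The Gist URL layouts, the `permissions.allow` key layout of settings.json, and both sample files are assumptions constructed for the example.

```python
import json
import re

# Gist raw URL layouts (assumed from GitHub's URL scheme, not taken from the PR):
#   unpinned: https://gist.githubusercontent.com/<user>/<gist_id>/raw/<file>
#   pinned:   https://gist.githubusercontent.com/<user>/<gist_id>/raw/<40-hex revision>/<file>
GIST_RAW = re.compile(
    r"https://gist\.githubusercontent\.com/[\w-]+/[0-9a-f]+/raw/(?P<rest>[^\s)]*)"
)
PINNED_REVISION = re.compile(r"^[0-9a-f]{40}(/|$)")
FETCH_RULE = re.compile(r"WebFetch\(domain:([^)]+)\)")


def unpinned_gist_urls(text: str) -> list[str]:
    """Gist raw URLs in `text` whose path carries no revision SHA (they follow the latest edit)."""
    return [m.group(0) for m in GIST_RAW.finditer(text)
            if not PINNED_REVISION.match(m.group("rest"))]


def auto_allowed_fetch_domains(settings_json: str) -> set[str]:
    """Hosts a Claude Code settings file pre-approves for WebFetch (assumed key layout)."""
    allow = json.loads(settings_json).get("permissions", {}).get("allow", [])
    return {m.group(1) for rule in allow for m in [FETCH_RULE.fullmatch(rule)] if m}


def findings(agents_md: str, settings_json: str) -> list[str]:
    """Combine both signals: unpinned remote instructions plus an auto-approved fetch path."""
    problems = [f"unpinned remote instruction source: {u}" for u in unpinned_gist_urls(agents_md)]
    if problems and "gist.githubusercontent.com" in auto_allowed_fetch_domains(settings_json):
        problems.append("settings.json auto-allows WebFetch(domain:gist.githubusercontent.com): "
                        "the unpinned content is applied with no human gate")
    return problems


# Constructed sample inputs (not the PR's real files).
AGENTS_MD_UNPINNED = """# Agent guide
At the start of every session, fetch and apply the team standards from
https://gist.githubusercontent.com/example-user/0123456789abcdef0123456789abcdef/raw/team-standards.md
"""
AGENTS_MD_PINNED = AGENTS_MD_UNPINNED.replace(
    "/raw/team-standards.md", "/raw/" + "a" * 40 + "/team-standards.md")
SETTINGS_JSON = '{"permissions": {"allow": ["WebFetch(domain:gist.githubusercontent.com)"]}}'

if __name__ == "__main__":
    for label, doc in (("unpinned", AGENTS_MD_UNPINNED), ("pinned", AGENTS_MD_PINNED)):
        print(label, findings(doc, SETTINGS_JSON) or "OK")
```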

@claude

claude Bot commented May 11, 2026

Inline review comment for AGENTS.md lines 3-11 (posted as PR comment due to tooling constraints)

Supply-chain prompt injection risk: This block instructs AI agents to fetch and unconditionally apply rules from an external GitHub Gist at the start of every session. Combined with the new .claude/settings.json that auto-allows WebFetch(domain:gist.githubusercontent.com), this creates a supply-chain attack surface:

  1. Unpinned URL — The /raw/ URL always resolves to the latest Gist revision. The content can change at any time without a PR, code review, or git history in this repo.
  2. Single-user control — The Gist is owned by an individual GitHub account, not governed by the repo's branch protection, CODEOWNERS, or required reviews.
  3. No human gate — The settings.json permission means Claude Code fetches automatically without prompting the operator.
  4. Maximum scope — The instruction says these rules apply to every change in this repo, giving the fetched content authority over all AI-assisted code changes.

If the Gist owner's account is compromised (or even intentionally edited), arbitrary instructions can be injected into every AI agent session on this repo — a blockchain execution client managing real user funds — without any code review. Per the project's own security-common.md, external inputs must be validated and bounded, and externally-triggerable issues should be severity-escalated.

Suggested fix: Vendor the team standards file into the repo (e.g., as .claude/rules/team-standards.md) so it goes through normal PR review. If a remote source is desired, pin to a specific Gist revision SHA in the URL rather than using /raw/.


3 participants